[Secure-testing-commits] r58939 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Dec 26 13:28:44 UTC 2017
Author: jmm
Date: 2017-12-26 13:28:44 +0000 (Tue, 26 Dec 2017)
New Revision: 58939
Modified:
data/CVE/list
Log:
hdf no-dsa
rtpproxy unimportant
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-26 13:26:09 UTC (rev 58938)
+++ data/CVE/list 2017-12-26 13:28:44 UTC (rev 58939)
@@ -5658,26 +5658,36 @@
RESERVED
CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the ...)
- hdf5 <unfixed> (bug #884365)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
+ [jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function ...)
- hdf5 <unfixed> (bug #884365)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
+ [jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/1-hdf5-divbyzero-H5T_set_loc
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
- hdf5 <unfixed> (bug #884365)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
+ [jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
- hdf5 <unfixed> (bug #884365)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
+ [jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function ...)
- hdf5 <unfixed> (bug #884365)
+ [stretch] - hdf5 <no-dsa> (Minor issue)
+ [jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
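Review bot: The added [stretch] and [jessie] lines reuse the same "(Minor issue)" reason for all five HDF5 entries, including CVE-2017-17509, whose description says out of bounds write, next to the divide-by-zero and NULL pointer dereference entries. Suggest a NOTE under CVE-2017-17509 recording why the write case is also treated as minor, so the no-dsa decision can be re-checked later from the list alone.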
@@ -14619,7 +14629,7 @@
CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...)
NOT-FOR-US: Huawei
CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...)
NOT-FOR-US: Huawei
CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...)
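Review bot: On CVE-2017-15321 the description names "Huawei FusionSphere OpenStack", so "NOT-FOR-US: Huawei" only holds if the flaw is in Huawei's own code rather than in an OpenStack component. The truncated description visible here does not settle that; a short NOTE saying it was checked would make the triage verifiable.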
@@ -18441,9 +18451,10 @@
CVE-2017-14115 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 ...)
NOT-FOR-US: Arris
CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
- - rtpproxy <unfixed> (bug #874070)
+ - rtpproxy <unfixed> (unimportant; bug #874070)
NOTE: https://rtpbleed.com/
NOTE: https://github.com/sippy/rtpproxy/issues/70
+ NOTE: Design limitation in RTP protocol
CVE-2017-14113
REJECTED
CVE-2017-14112
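Review bot: The new "NOTE: Design limitation in RTP protocol" on CVE-2017-14114 carries the whole justification for the unimportant tag, while the description attributes the issue to RTPproxy's NAT feature and the entry stays <unfixed>. Suggest the note say where that conclusion comes from, for instance the upstream issue already linked two lines above, so it is clear whether upstream shares the assessment.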
@@ -18957,7 +18968,7 @@
CVE-2017-13904
RESERVED
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13902
RESERVED
CVE-2017-13901
@@ -18997,7 +19008,7 @@
CVE-2017-13884
RESERVED
CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13882
RESERVED
CVE-2017-13881
@@ -19005,33 +19016,33 @@
CVE-2017-13880
RESERVED
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13877
RESERVED
CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13873
RESERVED
CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...)
NOT-FOR-US: Apple
CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- webkit2gtk 2.18.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
NOTE: Not covered by security support
CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
- webkit2gtk 2.18.4-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
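Review bot: In this hunk CVE-2017-13870 and CVE-2017-13866 start with the same "certain Apple products. iOS before 11.2 is ..." description as the entries switched to "NOT-FOR-US: Apple", yet those two are tracked against webkit2gtk. Because the descriptions are truncated, the prefix alone cannot separate WebKit issues from Apple-only ones; worth confirming the affected component for each iOS entry before dropping "TODO: check", and adding a NOTE where the component was verified.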